You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like the terraform-aws-control_tower_account_factory module to expose a variable called var.customization_codebuild_secrets`
The value of this variable would be a map of environment variable names -> SecretsManager secret names
Each key in this map would be added to the aft-global-customizations-terraform and aft-account-customizations-terraform Codebuild projects as a SecretsManager driven environment variable (whose value is the corresponding key)
The identity policy on the role used by these CodeBuild projects would also need to be updated accordingly.
This would allow AFT customers to leverage AFT to deploy non-AWS resources as customizations (for example, an Okta group per AFT managed account).
Is your feature request related to a problem you are currently experiencing? If so, please describe.
Yes, we would like to use AFT to deploy non-AWS resources as customizations, but we do not have a clean way to provide credentials for non-AWS Terraform providers to the customization CodeBuild projects.
Additional context
The text was updated successfully, but these errors were encountered:
@addefisher thank you for reaching out.
Please may you elaborate on the ask with examples and snippets to ensure we understand the requirement better.
Please may you also expand on if you have already explored achieving the goal with existing capabilities (pre-/post api helpers etc. ) and what were the challenges there?
Describe the outcome you'd like
I would like the
terraform-aws-control_tower_account_factory module to expose a variable called
var.customization_codebuild_secrets`aft-global-customizations-terraform
andaft-account-customizations-terraform
Codebuild projects as a SecretsManager driven environment variable (whose value is the corresponding key)This would allow AFT customers to leverage AFT to deploy non-AWS resources as customizations (for example, an Okta group per AFT managed account).
Is your feature request related to a problem you are currently experiencing? If so, please describe.
Yes, we would like to use AFT to deploy non-AWS resources as customizations, but we do not have a clean way to provide credentials for non-AWS Terraform providers to the customization CodeBuild projects.
Additional context
The text was updated successfully, but these errors were encountered: